US10812456B2 - System and method for enhanced data protection - Google Patents
System and method for enhanced data protection Download PDFInfo
- Publication number
- US10812456B2 US10812456B2 US16/670,245 US201916670245A US10812456B2 US 10812456 B2 US10812456 B2 US 10812456B2 US 201916670245 A US201916670245 A US 201916670245A US 10812456 B2 US10812456 B2 US 10812456B2
- Authority
- US
- United States
- Prior art keywords
- encrypted
- recipient
- authentication
- symmetric key
- computer system
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000000034 method Methods 0.000 title claims abstract description 71
- 230000005540 biological transmission Effects 0.000 claims abstract description 54
- 230000015654 memory Effects 0.000 claims description 40
- 238000004590 computer program Methods 0.000 claims description 9
- 230000002596 correlated effect Effects 0.000 claims description 5
- 238000004891 communication Methods 0.000 description 7
- 230000000875 corresponding effect Effects 0.000 description 6
- 238000004422 calculation algorithm Methods 0.000 description 4
- 230000000977 initiatory effect Effects 0.000 description 4
- 230000003287 optical effect Effects 0.000 description 4
- 230000000737 periodic effect Effects 0.000 description 2
- 238000013519 translation Methods 0.000 description 2
- 230000014616 translation Effects 0.000 description 2
- 239000000872 buffer Substances 0.000 description 1
- 230000001413 cellular effect Effects 0.000 description 1
- 230000001010 compromised effect Effects 0.000 description 1
- 239000000470 constituent Substances 0.000 description 1
- 238000005516 engineering process Methods 0.000 description 1
- 230000006870 function Effects 0.000 description 1
- 230000002452 interceptive effect Effects 0.000 description 1
- 238000002955 isolation Methods 0.000 description 1
- 230000001404 mediated effect Effects 0.000 description 1
- 238000010295 mobile communication Methods 0.000 description 1
- 230000002093 peripheral effect Effects 0.000 description 1
- 230000002085 persistent effect Effects 0.000 description 1
- 238000013515 script Methods 0.000 description 1
- 239000004065 semiconductor Substances 0.000 description 1
- 230000003068 static effect Effects 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
- 230000002123 temporal effect Effects 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/0435—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/0442—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2463/00—Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
- H04L2463/062—Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00 applying encryption of the keys
Definitions
- the present disclosure relates generally to data security and more particularly, but not by way of limitation, to systems and methods for enhanced data protection.
- Asymmetric cryptography or public-key cryptography is cryptography in which a pair of keys is used to encrypt and decrypt data. Initially, a network user receives a public and private key pair from a certificate authority. Any other user who wants to send an encrypted message can get the intended recipient's public key from a public directory. They use this key to encrypt the message, and they send it to the recipient. When the recipient gets the message, they decrypt it with their private key.
- Asymmetric cryptography can be resource-intensive to implement. Symmetric cryptography is cryptography that uses the same key to encrypt and decrypt data. Symmetric-key systems are simpler and faster, but key exchange is difficult.
- a system of one or more computers can be configured to perform particular operations or actions by virtue of having software, firmware, hardware, or a combination of them installed on the system that in operation causes or cause the system to perform the actions.
- One or more computer programs can be configured to perform particular operations or actions by virtue of including instructions that, when executed by data processing apparatus, cause the apparatus to perform the actions.
- one general aspect includes a method of secure network transmission performed by a computer system.
- the method includes encrypting a payload via a first symmetric key and encrypting the first symmetric key via a second symmetric key.
- the method further includes encrypting an author header comprising the encrypted first symmetric key and a recipient list via a third symmetric key, wherein the recipient list comprises at least one recipient.
- the method also includes encrypting the third symmetric key via a public asymmetric key associated with an authentication server.
- the method includes transmitting the encrypted author header and the encrypted third symmetric key to the authentication server for use in recipient-initiated pre-access authentication.
- the method includes transmitting the encrypted payload and the second symmetric key over a computer network to the at least one recipient.
- Other embodiments of this aspect include corresponding computer systems, apparatus, and computer programs recorded on one or more computer storage devices, each configured to perform the actions of the methods.
- another general aspect includes a method performed by a computer system.
- the method includes receiving a transmission comprising an encrypted payload, wherein the encrypted payload has been encrypted via a first symmetric key, and a second symmetric key.
- the method further includes generating a recipient header comprising metadata related to the encrypted payload.
- the method also includes transmitting the recipient header to an authentication server so as to initiate pre-access authentication.
- the method includes, responsive to the transmitting, receiving an encrypted package from the authentication server.
- the encrypted package has been encrypted via the public asymmetric key associated with the recipient.
- the encrypted package includes an encrypted subportion that has been encrypted via the second symmetric key, the encrypted subportion comprising the first symmetric key.
- the method includes decrypting the encrypted package via a private asymmetric key associated with the computer system. Also, the method includes decrypting the first symmetric key from the encrypted subportion of the decrypted encrypted package via the second asymmetric key. Additionally, the method includes decrypting the encrypted payload via the decrypted first symmetric key.
- Other embodiments of this aspect include corresponding computer systems, apparatus, and computer programs recorded on one or more computer storage devices, each configured to perform the actions of the methods.
- another general aspect includes a method performed by an authentication server.
- the method includes receiving, from a recipient computer system, a recipient header in relation to an encrypted payload received by the recipient computer system from a sender computer system, wherein the recipient header comprises metadata and recipient authentication information.
- the method also includes causing the metadata of the recipient header to be correlated to a particular authentication header of a plurality of stored authentication headers.
- the particular authentication header includes: an encrypted data subportion that includes an authorized recipient list and an encrypted first symmetric key, wherein the encrypted first symmetric key is encrypted via a second symmetric key; and an encrypted third symmetric key, wherein the encrypted data subportion is encrypted via the encrypted third symmetric key and wherein the encrypted third symmetric key is encrypted via a public key associated with the authentication server.
- the method further includes decrypting the encrypted third symmetric key via a private asymmetric key associated with the authentication server. Furthermore, the method includes decrypting the encrypted data subportion via the decrypted encrypted third symmetric key. Also, the method includes authenticating the recipient computer system as an authorized recipient of the encrypted payload based, at least in part, on a determined match between the recipient authentication information and the authorized recipient list of the decrypted encrypted data subportion. The method further includes, responsive to the authenticating, encrypting the encrypted first symmetric key via a public asymmetric key associated with the recipient computer system to yield a doubly encrypted first symmetric key.
- the method includes transmitting the doubly-encrypted first symmetric key to the recipient computer system so that the encrypted payload can be decrypted by the recipient computer system.
- Other embodiments of this aspect include corresponding computer systems, apparatus, and computer programs recorded on one or more computer storage devices, each configured to perform the actions of the methods.
- another general aspect includes a method performed by a computer system.
- the method includes receiving, from a sender computer system, an authentication header in relation to a network transmission initiated by the sender computer system.
- the authentication header includes: an encrypted data subportion that includes an authorized recipient list and an encrypted first symmetric key, wherein the encrypted first symmetric key is encrypted via a second symmetric key; and an encrypted third symmetric key, wherein the encrypted data subportion is encrypted via the encrypted third symmetric key and wherein the encrypted third symmetric key is encrypted via a public key associated with the computer system.
- the method further includes causing the received authentication header to be stored among a plurality of authentication headers in anticipation of recipient-initiated pre-access authentication.
- Other embodiments of this aspect include corresponding computer systems, apparatus, and computer programs recorded on one or more computer storage devices, each configured to perform the actions of the methods.
- FIG. 1 illustrates an example of a system for providing enhanced data protection.
- FIG. 2 illustrates an example of an computer system.
- FIG. 3A illustrates an example of a process for initiating and sending a protected data transmission.
- FIG. 3B illustrates example data that can be used or generated as part of a process for initiating and sending a protected data transmission.
- FIG. 4A illustrates an example of a process for accessing a protected data transmission.
- FIG. 4B illustrates example data that can be used or generated as part of a process for accessing a protected data transmission.
- a payload can be separated from a key used to encrypt it.
- a trusted authentication server can facilitate secure transmission and access to the payload without itself having access either to the payload or a key used to encrypt the payload.
- the term payload can refer to the part of transmitted data, such as actual or body data, that is the primary purpose of the transmission.
- FIG. 1 illustrates an example of a system 100 for providing enhanced data protection.
- the system 100 includes a secure computing environment 102 , a client 114 a and a client 114 b , each of which is operable to communicate over a network 112 .
- the network 112 may be a private network, a public network, a local or wide area network, a portion of the Internet, combinations of the same, and/or the like.
- the secure computing environment 102 can include an authentication server 104 and a data store 110 , each of which is operable to communicate over a network 108 .
- the authentication server 104 includes an authentication module 106 that, in certain embodiments, can mediate protected network transmissions (e.g., network transmissions that include encrypted data) from senders to recipients.
- the data store 110 can store authentication headers that, in a typical embodiment, are generated by sender computer systems for each individual protected network transmission.
- a given authentication header, for a given network transmission can include, for example, a list of one or more authorized recipients, metadata sufficient to identify or distinguish the authentication header from other authentication headers, encryption keys, and/or other information. Examples of how an authentication header can be generated, structured and used will be described in relation to the ensuing FIGURES.
- the data store 110 can be in a separate physical and/or geographic location from the authentication server 104 . In these embodiments, physical and/or geographic isolation can in some cases improve data security. Further, in some embodiments, the data store 110 can be restricted such that access is only permitted by the authentication server 104 . In other embodiments, the data store 110 can be co-located with, and/or resident on, the authentication server 104 . In some embodiments, the network 108 can represent any manner of communication between the authentication server 104 and the data store 110 such as, for example, a private network, a direct connection between the authentication server 104 and the data store 110 , etc.
- the network 108 can be or include a local or wide area network, a portion of the Internet, combinations of same and/or the like.
- each component can be illustrative of a plurality of such components.
- the data store 110 can be representative of a plurality of data stores and the authentication server 104 can be representative of a cluster of authentication servers.
- the clients 114 are each shown to include an authoring tool 116 and a viewing tool 118 .
- the authoring tool 116 can include software and/or hardware that sends protected network transmissions (e.g., network transmissions that include encrypted data) to one or more recipient computer systems.
- the viewing tool 118 can include software and/or hardware that receives and decrypts protected network transmissions received from sender computer systems. It should be appreciated that the clients 114 can be considered either sender or recipient computer systems depending on context.
- a client executing the authoring tool 116 to send a protected network transmission may be referred to as a sender computer system with respect to the sent transmission.
- a client executing the viewing tool 118 to receive and access a protected network transmission may be referred to as a recipient computer system with respect to the received transmission.
- the authoring tool 116 , the viewing tool 118 and the authentication module 106 can collaborate to execute a multi-node encryption/decryption protocol for protected network transmissions.
- a multi-node encryption/decryption protocol for protected network transmissions.
- particular combinations of symmetric and asymmetric keys can be used to progressively encrypt data in a multi-layered fashion so as to reduce or eliminate points of failure. Examples of functionality for initiating and sending protected network transmissions will be described in relation to FIGS. 3A-B . Examples of functionality for receiving and accessing protected network transmissions will be described in relation to FIGS. 4A-B .
- Other examples of systems that can implement processes described herein are detailed in U.S. Pat. Nos. 8,239,682, 8,239,682 is hereby incorporated by reference.
- FIG. 2 illustrates an example of an computer system 200 that, in some cases, can be representative, for example, of the authentication server 104 , the data store 110 and/or the clients 114 .
- the computer system 200 includes an application 250 operable to execute on computer resources 256 .
- the application 250 can be similar, for example, to the authentication module 106 , the authoring tool 116 and/or the viewing tool 118 .
- the computer system 200 may perform one or more steps of one or more methods described or illustrated herein.
- one or more computer systems may provide functionality described or illustrated herein.
- encoded software running on one or more computer systems may perform one or more steps of one or more methods described or illustrated herein or provide functionality described or illustrated herein.
- the components of the computer system 200 may comprise any suitable physical form, configuration, number, type and/or layout.
- the computer system 200 may comprise an embedded computer system, a system-on-chip (SOC), a single-board computer system (SBC) (such as, for example, a computer-on-module (COM) or system-on-module (SOM)), a desktop computer system, a laptop or notebook computer system, an interactive kiosk, a mainframe, a mesh of computer systems, a mobile telephone, a personal digital assistant (PDA), a wearable or body-borne computer, a server, or a combination of two or more of these.
- the computer system 200 may include one or more computer systems; be unitary or distributed; span multiple locations; span multiple machines; or reside in a cloud, which may include one or more cloud components in one or more networks.
- the computer system 200 includes a processor 242 , memory 244 , storage 248 , interface 246 , and bus 252 .
- a particular computer system is depicted having a particular number of particular components in a particular arrangement, this disclosure contemplates any suitable computer system having any suitable number of any suitable components in any suitable arrangement.
- Processor 242 may be a microprocessor, controller, or any other suitable computing device, resource, or combination of hardware, software and/or encoded logic operable to execute, either alone or in conjunction with other components, (e.g., memory 244 ), the application 250 . Such functionality may include providing various features discussed herein.
- processor 242 may include hardware for executing instructions, such as those making up the application 250 .
- processor 242 may retrieve (or fetch) instructions from an internal register, an internal cache, memory 244 , or storage 248 ; decode and execute them; and then write one or more results to an internal register, an internal cache, memory 244 , or storage 248 .
- processor 242 may include one or more internal caches for data, instructions, or addresses. This disclosure contemplates processor 242 including any suitable number of any suitable internal caches, where appropriate. As an example and not by way of limitation, processor 242 may include one or more instruction caches, one or more data caches, and one or more translation lookaside buffers (TLBs). Instructions in the instruction caches may be copies of instructions in memory 244 or storage 248 and the instruction caches may speed up retrieval of those instructions by processor 242 .
- TLBs translation lookaside buffers
- Data in the data caches may be copies of data in memory 244 or storage 248 for instructions executing at processor 242 to operate on; the results of previous instructions executed at processor 242 for access by subsequent instructions executing at processor 242 , or for writing to memory 244 , or storage 248 ; or other suitable data.
- the data caches may speed up read or write operations by processor 242 .
- the TLBs may speed up virtual-address translations for processor 242 .
- processor 242 may include one or more internal registers for data, instructions, or addresses. Depending on the embodiment, processor 242 may include any suitable number of any suitable internal registers, where appropriate. Where appropriate, processor 242 may include one or more arithmetic logic units (ALUs); be a multi-core processor; include one or more processors 242 ; or any other suitable processor.
- ALUs arithmetic logic units
- Memory 244 may be any form of volatile or non-volatile memory including, without limitation, magnetic media, optical media, random access memory (RAM), read-only memory (ROM), flash memory, removable media, or any other suitable local or remote memory component or components.
- memory 244 may include random access memory (RAM).
- This RAM may be volatile memory, where appropriate.
- this RAM may be dynamic RAM (DRAM) or static RAM (SRAM).
- this RAM may be single-ported or multi-ported RAM, or any other suitable type of RAM or memory.
- Memory 244 may include one or more memories 244 , where appropriate.
- Memory 244 may store any suitable data or information utilized by the computer system 200 , including software embedded in a computer readable medium, and/or encoded logic incorporated in hardware or otherwise stored (e.g., firmware).
- memory 244 may include main memory for storing instructions for processor 242 to execute or data for processor 242 to operate on.
- one or more memory management units may reside between processor 242 and memory 244 and facilitate accesses to memory 244 requested by processor 242 .
- the computer system 200 may load instructions from storage 248 or another source (such as, for example, another computer system) to memory 244 .
- Processor 242 may then load the instructions from memory 244 to an internal register or internal cache.
- processor 242 may retrieve the instructions from the internal register or internal cache and decode them.
- processor 242 may write one or more results (which may be intermediate or final results) to the internal register or internal cache.
- Processor 242 may then write one or more of those results to memory 244 .
- processor 242 may execute only instructions in one or more, internal registers or internal caches or in memory 244 (as opposed to storage 248 or elsewhere) and may operate only on data in one or more internal registers or internal caches or in memory 244 (as opposed to storage 248 or elsewhere).
- storage 248 may include mass storage for data or instructions.
- storage 248 may include a hard disk drive (HDD), a floppy disk drive, flash memory, an optical disc, a magneto-optical disc, magnetic tape, or a Universal Serial Bus (USB) drive or a combination of two or more of these.
- Storage 248 may include removable or non-removable (or fixed) media, where appropriate.
- Storage 248 may be internal or external to the computer system 200 , where appropriate.
- storage 248 may be non-volatile, solid-state memory.
- storage 248 may include read-only memory (ROM).
- this ROM may be mask-programmed ROM, programmable ROM (PROM), erasable PROM (EPROM), electrically erasable PROM (EEPROM), electrically alterable ROM (EAROM), or flash memory or a combination of two or more of these.
- Storage 248 may take any suitable physical form and may comprise any suitable number or type of storage. Storage 248 may include one or more storage control units facilitating communication between processor 242 and storage 248 , where appropriate.
- interface 246 stay include hardware, encoded software, or both providing one or more interfaces for communication (such as, for example, packet-based communication) among any networks, any network devices, and/or any other computer systems.
- communication interface 246 may include a network interface controller (NIC) or network adapter for communicating with an Ethernet or other wire-based network and/or a wireless NIC (WNIC) or wireless adapter for communicating with a wireless network.
- NIC network interface controller
- WNIC wireless NIC
- interface 246 may be any type of interface suitable for any type of network for which computer system 200 is used.
- computer system 200 can include (or communicate with) an ad-hoc network, a personal area network (PAN), a local area network (LAN), a wide area network (WAN), a metropolitan area network (MAN), or one or more portions of the Internet or a combination of two or more of these.
- PAN personal area network
- LAN local area network
- WAN wide area network
- MAN metropolitan area network
- One or more portions of one or more of these networks may be wired or wireless.
- computer system 200 can include (or communicate with) a wireless PAN (WPAN) (such as, for example, a BLUETOOTH WPAN), a WI-FI network, a WI-MAX network, an LTE network, an LTE-A network, a cellular telephone network (such as, for example, a Global System for Mobile Communications (GSM) network), or any other suitable wireless network or a combination of two or more of these.
- WPAN wireless PAN
- WI-FI such as, for example, a BLUETOOTH WPAN
- WI-MAX such as, for example, a GSM network
- LTE network such as, for example, a GSM network
- GSM Global System for Mobile Communications
- the computer system 200 may include any suitable interface 246 for any one or more of these networks, where appropriate.
- interface 246 may include one or more interfaces for one or more I/O devices.
- I/O devices may include a keyboard, keypad, microphone, monitor, mouse, printer, scanner, speaker, still camera, stylus, tablet, touchscreen, trackball, video camera, another suitable I/O device or a combination of two or more of these.
- An I/O device may include one or more sensors.
- Particular embodiments may include any suitable type and/or number of I/O devices and any suitable type and/or number of interfaces 246 for them.
- interface 246 may include one or more drivers enabling processor 242 to drive one or more of these I/O devices.
- Interface 246 may include one or more interfaces 246 , where appropriate.
- Bus 252 may include any combination of hardware, software embedded in a computer readable medium, and/or encoded logic incorporated in hardware or otherwise stored (e.g., firmware) to couple components of the computer system 200 to each other.
- bus 252 may include an Accelerated Graphics Port (AGP) or other graphics bus, an Enhanced Industry Standard Architecture (EISA) bus, a front-side bus (FSB), a HYPERTRANSPORT (HT) interconnect, an Industry Standard Architecture (ISA) bus, an INFINIBAND interconnect, a low-pin-count (LPC) bus, a memory bus, a Micro Channel Architecture (MCA) bus, a Peripheral Component Interconnect (PCI) bus, a PCI-Express (PCI-X) bus, a serial advanced technology attachment (SATA) bus, a Video Electronics Standards Association local (VLB) bus, or any other suitable bus or a combination of two or more of these.
- AGP Accelerated Graphics Port
- EISA Enhanced Industry Standard Architecture
- Bus 252 may include any number, type, and/or configuration of buses 252 , where appropriate.
- one or more buses 252 (which may each include an address bus and a data bus) may couple processor 242 to memory 244 .
- Bus 252 may include one or more memory buses.
- a computer-readable storage medium encompasses one or more tangible computer-readable storage media possessing structures.
- a computer-readable storage medium may include a semiconductor-based or other integrated circuit (IC) (such, as for example, a field-programmable gate array (FPGA) or an application-specific IC (ASIC)), a hard disk, an HDD, a hybrid hard drive (HHD), an optical disc, an optical disc drive (ODD), a magneto-optical disc, a magneto-optical drive, a floppy disk, a floppy disk drive (FDD), magnetic tape, a holographic storage medium, a solid-state drive (SSD), a RAM-drive, a SECURE DIGITAL card, a SECURE DIGITAL drive, a flash memory card, a flash memory drive, or any other suitable tangible computer-readable storage medium or a combination of two or more of these, where appropriate.
- IC semiconductor-based or other integrated circuit
- Particular embodiments may include one or more computer-readable storage media implementing any suitable storage.
- a computer-readable storage medium implements one or more portions of processor 242 (such as, for example, one or more internal registers or caches), one or more portions of memory 244 , one or more portions of storage 248 , or a combination of these, where appropriate.
- a computer-readable storage medium implements RAM or ROM.
- a computer-readable storage medium implements volatile or persistent memory.
- one or more computer-readable storage media embody encoded software.
- encoded software may encompass one or more applications, bytecode, one or more computer programs, one or more executables, one or more instructions, logic, machine code, one or more scripts, or source code, and vice versa, where appropriate, that have been stored or encoded in a computer-readable storage medium.
- encoded software includes one or more application programming interfaces (APIs) stored or encoded in a computer-readable storage medium.
- APIs application programming interfaces
- Particular embodiments may use any suitable encoded software written or otherwise expressed in any suitable programming language or combination of programming languages stored or encoded in any suitable type or number of computer-readable storage media.
- encoded software may be expressed as source code or object code.
- encoded software is expressed in a higher-level programming language, such as, for example, C, Perl, or a suitable extension thereof.
- encoded software is expressed in a lower-level programming language, such as assembly language (or machine code).
- encoded software is expressed in JAVA.
- encoded software is expressed in Hyper Text Markup Language (HTML), Extensible Markup Language (XML), or other suitable markup language.
- HTML Hyper Text Markup Language
- XML Extensible Markup Language
- FIG. 3A illustrates an example of a process 300 for initiating and sending a protected data transmission by a sender computer system such as, for example, one of the clients 114 of FIG. 1 .
- FIG. 3B describes example data 350 that can be used or generated as part of the process 300 .
- the process 300 in whole or in part, can be implemented by one or more of the authentication server 104 , the authentication module 106 , the data store 110 , the clients 114 , the authoring tool 116 and/or the viewing tool 118 .
- the process 300 can also be performed generally by the secure computing environment 102 and/or the system 100 . Although any number of systems, in whole or in part, can implement the process 300 , to simplify discussion, the process 300 will be described in relation to specific systems or subsystems of the system 100 .
- the authoring tool 116 receives a trigger to initiate a protected network transmission.
- the trigger can be received from a user interface of the authoring tool 116 .
- the authoring tool 116 can receive a user indication or specification of a desire to initiate the protected network transmission.
- the trigger can be on a scheduled or periodic basis, received from a system or entity in communication with the authoring tool 116 , combinations of same and/or the like.
- the authoring tool 116 determines a payload of the protected network transmission and one or more recipients to whom the protected network transmission should be sent.
- the payload and/or the recipient(s) can be user-specified via a user interface of the authoring tool 116 .
- the payload and/or recipient(s) can be automatically generated based on rules or logic contained by, or accessible to, the authoring tool 116 .
- the authoring tool 116 could generate, as the payload, a compilation of personal information used for the auditing.
- the authoring tool 116 could automatically determine the recipient(s), for example, based on a predetermined workflow, information or conditions present in the generated payload, combinations of same and/or the like.
- the authoring tool determines symmetric keys that will be used for the protected network transmission.
- the symmetric keys can be generated as part of the block 306 using, for example, the American Encryption Standard (AES) algorithm.
- AES American Encryption Standard
- each symmetric key can be individually determined or generated on-demand at a time when encryption using that symmetric key is to occur (or just prior to such a time).
- the symmetric keys can be determined together, or substantially contemporaneously. For purposes of illustration, examples will be described herein in which three symmetric keys are determined at the block 306 . In particular, reference will be made herein to first, second and third symmetric keys.
- the authoring tool 116 encrypts the payload using a first symmetric key of the symmetric keys.
- the block 308 can yield data item 352 of FIG. 3B .
- the authoring tool 116 encrypts the first symmetric key via a second symmetric key of the symmetric keys.
- the block 312 can yield data item 354 of FIG. 3B .
- the authoring tool 116 encrypts an author header via a third symmetric key.
- the author header can include, for example, a list of the one or more authorized recipients, the encrypted first symmetric key, and/or other information.
- the block 312 can include generating the author header.
- the author header can correspond to a format of data item 356 of FIG. 3B .
- the block 312 can yield, for example, data item 358 of FIG. 3B .
- the authoring tool 116 encrypts the third symmetric key via a public asymmetric key associated with the authentication server 104 and/or the authentication module 106 .
- the public asymmetric key can correspond to the public key of a public-private key pair from a certificate authority. According to this example, the corresponding private asymmetric key can be considered to be in the possession of the authentication server 104 .
- the block 314 can yield data item 360 of FIG. 3B .
- the authoring tool 116 generates an authentication header.
- the authentication header can include, for example, the encrypted author header, the encrypted third symmetric key, metadata and/or other information.
- the block 316 can yield data item 362 of FIG. 3B .
- the generation of the authentication header can be omitted in favor of handling the elements of the authentication header as separate data items.
- the operations described herein in relation to authentication headers can be replaced with operations in relation to the constituent parts of the authentication headers.
- the metadata included in the authentication header can include information sufficient to identify or distinguish the authentication header from other authentication headers (or, alternatively, identify or distinguish the protected data transmission from other protected data transmissions mediated by the authentication server 104 ).
- the metadata can include information about the protected data transmission such as, for example, temporal data about the protected data transmission (e.g., a timestamp associated with the trigger, a current timestamp as of metadata generation, etc.), information about the sender computer system, information about the recipient computer system, etc.
- the information about the sender computer system can include, for example, a username, handle and/or address (e.g., email address) of a user who initiated or is responsible for the transmission, a network address and/or hardware fingerprint of the sender computer system, combinations of same and/or the like.
- the information about the recipient computer system can include, for example, a username, handle and/or address (e.g., email address) of each user who is authorized to receive or access the protected data transmission, a network address and/or hardware fingerprint of the recipient computer system, a random or unique identifier associated with the protected data transmission, combinations of same and/or the like.
- the block 316 can include generating the metadata.
- the authoring tool 116 transmits the authentication header to the authentication server 104 for use in recipient-initiated pre-access authentication of the one or more recipients.
- the authentication module 106 of the authentication server 104 receives the authentication header.
- the authentication module 106 causes the authentication header to be stored in the data store 110 for later retrieval during recipient-initiated pre-access authentication.
- the authoring tool 116 transmits the encrypted payload and the second symmetric key to the determined recipients.
- the transmission can occur via any network or messaging protocol.
- the encrypted payload and the second symmetric key can be encapsulated in a container of a preconfigured file format.
- the block 324 can include generating a container that includes the encrypted payload and the second symmetric key and transmitting the container to the determined recipients.
- the container can be transmitted via social-media messaging, instant messaging, email, file sharing etc.
- the act of transmitting can refer to making the container, or the data items thereof, available for download over a network. An example of a container is shown with respect to data item 364 of FIG. 3B .
- FIG. 4A illustrates an example of a process 400 for accessing a protected data transmission by a recipient computer system such as, for example, one of the clients 114 of FIG. 1 .
- FIG. 4B describes example data 450 that can be used or generated as part of the process 400 .
- the process 400 in whole or in part, can be implemented by one or more of the authentication server 104 , the authentication module 106 , the data store 110 , the clients 114 , the authoring tool 116 and/or the viewing tool 118 .
- the process 400 can also be performed generally by the secure computing environment 102 and/or the system 100 . Although any number of systems, in whole or in part, can implement the process 400 , to simplify discussion, the process 400 will be described in relation to specific systems or subsystems of the system 100 .
- the viewing tool 118 of the recipient computer system receives a protected data transmission.
- the protected data transmission has been sent to the recipient computer system as described in relation to FIGS. 3A-B .
- the protected data transmission can be, include or be contained within a container of the format shown with respect to data item 452 of FIG. 4B .
- the viewing tool 118 generates a recipient header.
- the recipient header can include metadata, recipient authentication information (e.g., recipient credentials associated with the recipient computer system or a user of the recipient computer system), a public key associated with the recipient computer system, and/or other information.
- the metadata of the recipient header can correspond to, or include selected parts of, the metadata of the received protected data transmission (e.g., see the data item 452 ).
- the metadata of the recipient header includes information sufficient to identify an authentication header corresponding to the protected data transmission.
- the block 404 can yield data item 454 of FIG. 4B .
- the viewing tool 118 transmits the recipient header to the authentication server 104 so as to initiate pre-access authentication.
- the authentication module 106 of the authentication server 104 receives the recipient header.
- the authentication module 106 uses the metadata of the recipient header to correlate the recipient header to a particular authentication header of the data store 110 that relates to the same protected data transmission.
- the recipient header includes metadata of the same type and format (or of a similar type and format) as the metadata of the authentication headers of the data store 110 .
- the correlation can involve matching the metadata of the recipient header to the metadata of the authentication headers of the data store 110 so as to yield the particular authentication header.
- the data store 110 can receive the metadata, perform the correlation and return the particular authentication header to the authentication module 106 .
- the correlation can be performed, at least in part, by the authentication module 106 .
- the particular authentication header to which the recipient header is correlated can be of the form shown in relation to data item 456 of FIG. 4B .
- the authentication module 106 decrypts the third symmetric key from the particular authentication header via a private key associated with the authentication server 104 .
- the block 412 can yield data item 458 of FIG. 4B .
- the authentication module 106 decrypts the author header from the particular authentication header via the decrypted third symmetric key.
- the block 414 can yield data item 460 of FIG. 4B .
- the authentication module 106 authenticates the recipient computer system (or a user thereof) as an authorized recipient of the encrypted payload to which the particular authentication header corresponds. For example, authentication can be based on a determined match between a portion of the recipient authentication information and the authorized recipient list of the decrypted author header. According to this example, the appearance of a recipient user name in both the recipient authentication information and the authorized recipient list could result in a determination that the recipient computer system is an authorized recipient (provided that any other applicable security criteria, such as password authentication, is satisfied). In some embodiments, if the authentication at block 416 is not successful, such that the recipient computer system is not authenticated as an authorized recipient, the process 400 terminates.
- the authentication module 106 encrypts the encrypted first symmetric key using the public asymmetric key associated with the recipient computer system.
- the block 418 can yield an encrypted package, or a doubly-encrypted first asymmetric key, for example, of the form of data item 462 of FIG. 4B .
- the authentication module 106 transmits the encrypted package to the recipient computer system.
- the viewing tool 118 receives the encrypted package.
- the viewing tool 118 decrypts the encrypted package via a private key associated with the recipient computer system. In an example, the block 424 can yield data item 464 of FIG. 4B .
- the viewing tool 118 decrypts the first symmetric key via the second symmetric key, which key was included in the protected data transmission received at block 402 . In an example, the block 426 can yield data item 466 of FIG. 4B .
- the viewing tool 118 decrypts the encrypted payload of the protected data transmission via the first symmetric key. In an example, the block 428 can yield data item 468 of FIG. 4B .
- the processes described in relation to FIGS. 3A-B and 4 A-B can separate the payload of a protected data transmission from a key used to encrypt it for improved data security.
- the payload of the protected data transmission can be encrypted via a symmetric key referred to as a first symmetric key and sent to a recipient computer system.
- the authentication server 104 can mediate an encryption/decryption protocol between a sender computer system and a recipient computer system without being provided access to either the payload or an unencrypted or decryptable form of the first symmetric key.
- the first symmetric key can be encrypted via a symmetric key referred to as a second symmetric key and provided, in that encrypted form, to the authentication server 104 as part of an authentication header.
- the recipient computer system is able to decrypt the payload after authentication, at which point the encrypted first symmetric key is received from the authentication server 104 .
- the ability to decrypt is due, in part, to the fact that the protected data transmission includes the second symmetric key.
- the authentication server 104 does not receive either the second symmetric key or the payload.
- a total compromise of the authentication server 104 and/or the data store 110 would not result in exposure of protected data at least because the authentication server 104 lacks a key used to protect the payload.
- acts, events, or functions of any of the algorithms described herein can be performed in a different sequence, can be added, merged, or left out altogether (e.g., not all described acts or events are necessary for the practice of the algorithms).
- acts or events can be performed concurrently, e.g., through multi-threaded processing, interrupt processing, or multiple processors or processor cores or on other parallel architectures, rather than sequentially.
- certain computer-implemented tasks are described as being performed by a particular entity, other embodiments are possible in which these tasks are performed by a different entity.
Abstract
Description
Claims (17)
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US16/670,245 US10812456B2 (en) | 2015-04-24 | 2019-10-31 | System and method for enhanced data protection |
US17/025,838 US20210058381A1 (en) | 2015-04-24 | 2020-09-18 | System and method for enhanced data protection |
Applications Claiming Priority (5)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US201562152178P | 2015-04-24 | 2015-04-24 | |
US15/136,142 US9954832B2 (en) | 2015-04-24 | 2016-04-22 | System and method for enhanced data protection |
US15/946,965 US10298554B2 (en) | 2015-04-24 | 2018-04-06 | System and method for enhanced data protection |
US16/409,380 US10498704B2 (en) | 2015-04-24 | 2019-05-10 | System and method for enhanced data protection |
US16/670,245 US10812456B2 (en) | 2015-04-24 | 2019-10-31 | System and method for enhanced data protection |
Related Parent Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US16/409,380 Continuation US10498704B2 (en) | 2015-04-24 | 2019-05-10 | System and method for enhanced data protection |
Related Child Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US17/025,838 Continuation US20210058381A1 (en) | 2015-04-24 | 2020-09-18 | System and method for enhanced data protection |
Publications (2)
Publication Number | Publication Date |
---|---|
US20200067892A1 US20200067892A1 (en) | 2020-02-27 |
US10812456B2 true US10812456B2 (en) | 2020-10-20 |
Family
ID=57143684
Family Applications (5)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US15/136,142 Active 2036-10-20 US9954832B2 (en) | 2015-04-24 | 2016-04-22 | System and method for enhanced data protection |
US15/946,965 Active US10298554B2 (en) | 2015-04-24 | 2018-04-06 | System and method for enhanced data protection |
US16/409,380 Active US10498704B2 (en) | 2015-04-24 | 2019-05-10 | System and method for enhanced data protection |
US16/670,245 Active US10812456B2 (en) | 2015-04-24 | 2019-10-31 | System and method for enhanced data protection |
US17/025,838 Pending US20210058381A1 (en) | 2015-04-24 | 2020-09-18 | System and method for enhanced data protection |
Family Applications Before (3)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US15/136,142 Active 2036-10-20 US9954832B2 (en) | 2015-04-24 | 2016-04-22 | System and method for enhanced data protection |
US15/946,965 Active US10298554B2 (en) | 2015-04-24 | 2018-04-06 | System and method for enhanced data protection |
US16/409,380 Active US10498704B2 (en) | 2015-04-24 | 2019-05-10 | System and method for enhanced data protection |
Family Applications After (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US17/025,838 Pending US20210058381A1 (en) | 2015-04-24 | 2020-09-18 | System and method for enhanced data protection |
Country Status (2)
Country | Link |
---|---|
US (5) | US9954832B2 (en) |
WO (1) | WO2016172474A1 (en) |
Cited By (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US10905241B1 (en) * | 2019-12-06 | 2021-02-02 | Dooli Products, LLC | Furniture with anti-tipping mechanism and method for installing furniture |
US10939761B1 (en) * | 2019-12-06 | 2021-03-09 | Dooli Products, LLC | Furniture with anti-tipping characteristics |
USD927229S1 (en) | 2020-02-25 | 2021-08-10 | Dooli Products, LLC | Curved dresser |
USD927230S1 (en) | 2020-02-25 | 2021-08-10 | Dooli Products, LLC | Dresser with straight front |
USD927899S1 (en) | 2020-02-25 | 2021-08-17 | Dooli Products, LLC | Partly tapered dresser |
US11103067B2 (en) | 2019-12-06 | 2021-08-31 | Dooli Products, LLC | Furniture with anti-tipping features |
USD932216S1 (en) | 2019-12-06 | 2021-10-05 | Dooli Products, LLC | Tapered dresser |
US11266243B2 (en) | 2019-12-06 | 2022-03-08 | Dooli Products, LLC | Furniture having anti-tipping construction |
US11684157B1 (en) | 2022-12-13 | 2023-06-27 | Thoughtful Furniture Company, Llc | Furniture with anti-tipping support hinge |
Families Citing this family (14)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2016172474A1 (en) * | 2015-04-24 | 2016-10-27 | Encryptics, Llc | System and method for enhanced data protection |
US20200204991A1 (en) * | 2018-12-21 | 2020-06-25 | Micron Technology, Inc. | Memory device and managed memory system with wireless debug communication port and methods for operating the same |
US9973481B1 (en) * | 2015-06-16 | 2018-05-15 | Amazon Technologies, Inc. | Envelope-based encryption method |
US10033703B1 (en) | 2015-06-16 | 2018-07-24 | Amazon Technologies, Inc. | Pluggable cipher suite negotiation |
US10129219B1 (en) * | 2016-05-31 | 2018-11-13 | Cavium, Llc | Methods and systems for securing data stored at a storage area network |
CN107342977A (en) * | 2017-05-26 | 2017-11-10 | 芯盾网安(北京)科技发展有限公司 | Suitable for the information security method of point-to-point instant messaging |
US20180367308A1 (en) * | 2017-06-16 | 2018-12-20 | LARC Networks, Inc. | User authentication in a dead drop network domain |
EP3659294A1 (en) * | 2017-07-28 | 2020-06-03 | Kobil Systems GmbH | Secure messaging |
US11570155B2 (en) | 2019-07-25 | 2023-01-31 | Everything Blockchain Technology Corp. | Enhanced secure encryption and decryption system |
US11233707B2 (en) * | 2020-03-27 | 2022-01-25 | Raytheon Bbn Technologies Corp. | Metadata-based information provenance |
US11831657B2 (en) | 2020-03-27 | 2023-11-28 | Raytheon Bbn Technologies Corp. | Trust policies for a data provisioning layer |
US11876797B2 (en) | 2020-03-30 | 2024-01-16 | Everything Blockchain Technology Corp. | Multi-factor geofencing system for secure encryption and decryption system |
KR20220092192A (en) * | 2020-12-24 | 2022-07-01 | 삼성전자주식회사 | Method for providing object and electronic device for supporting the same |
US20220209940A1 (en) * | 2020-12-24 | 2022-06-30 | Samsung Electronics Co., Ltd. | Method for providing encrypted object and electronic device for supporting the same |
Citations (123)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US4027243A (en) | 1975-05-12 | 1977-05-31 | General Electric Company | Message generator for a controlled radio transmitter and receiver |
US4393269A (en) | 1981-01-29 | 1983-07-12 | International Business Machines Corporation | Method and apparatus incorporating a one-way sequence for transaction and identity verification |
US4477809A (en) | 1982-06-18 | 1984-10-16 | General Electric Company | Method for random-access radio-frequency data communications |
US4484355A (en) | 1983-04-11 | 1984-11-20 | Ritron, Inc. | Handheld transceiver with frequency synthesizer and sub-audible tone squelch system |
US4530051A (en) | 1982-09-10 | 1985-07-16 | At&T Bell Laboratories | Program process execution in a distributed multiprocessor system |
US4545071A (en) | 1982-11-12 | 1985-10-01 | Motorola, Inc. | Portable radio for a zoned data communications system communicating message signals between portable radios and a host computer |
WO1986003926A1 (en) | 1984-12-21 | 1986-07-03 | Motorola, Inc. | Method of communications between register-modelled radio devices |
US4707592A (en) | 1985-10-07 | 1987-11-17 | Ware Paul N | Personal universal identity card system for failsafe interactive financial transactions |
US4709136A (en) | 1985-06-04 | 1987-11-24 | Toppan Moore Company, Ltd. | IC card reader/writer apparatus |
GB2190820A (en) | 1986-05-22 | 1987-11-25 | Racal Guardata Ltd | Data communications systems and methods |
US4799156A (en) | 1986-10-01 | 1989-01-17 | Strategic Processing Corporation | Interactive market management system |
US4947028A (en) | 1988-07-19 | 1990-08-07 | Arbor International, Inc. | Automated order and payment system |
US4955049A (en) | 1989-08-11 | 1990-09-04 | Telefonaktiebolaget L M Ericsson | Method of supervising mobile telephone subscriptions in a mobile telephone system |
US5020093A (en) | 1989-06-23 | 1991-05-28 | Motorola, Inc. | Cellular telephone operable on different cellular telephone systems |
US5053606A (en) | 1987-06-08 | 1991-10-01 | Omron Tateisi Electronics Co. | Credit authorization terminal with circuitry to service plural customers in parallel |
US5099420A (en) | 1989-01-10 | 1992-03-24 | Bull Hn Information Systems Inc. | Method and apparatus for limiting the utilization of an asynchronous bus with distributed controlled access |
EP0479660A2 (en) | 1990-10-02 | 1992-04-08 | Digital Equipment Corporation | Distributed configuration profile for computing system |
EP0501967A1 (en) | 1989-09-21 | 1992-09-09 | Camborne Ind Plc | Compacting scrap metal in a tube for recycling. |
US5220564A (en) | 1990-09-06 | 1993-06-15 | Ncr Corporation | Transmission control for a wireless local area network station |
WO1993017529A1 (en) | 1992-02-24 | 1993-09-02 | Nokia Telecommunications Oy | Telecommunication system and subscriber authentication method |
US5283639A (en) | 1989-10-23 | 1994-02-01 | Esch Arthur G | Multiple media delivery network method and apparatus |
EP0590861A2 (en) | 1992-09-29 | 1994-04-06 | AT&T Corp. | Secure credit/debit card authorization |
EP0248403B1 (en) | 1986-06-02 | 1994-04-13 | Hitachi, Ltd. | Distributed interactive processing method in complex system including plural work stations and plural host computers and apparatus using the same |
EP0421808B1 (en) | 1989-10-06 | 1994-12-28 | André Peter Mansvelt | Funds transfer system |
US5412416A (en) | 1992-08-07 | 1995-05-02 | Nbl Communications, Inc. | Video media distribution network apparatus and method |
US5426427A (en) | 1991-04-04 | 1995-06-20 | Compuserve Incorporated | Data transmission routing system |
GB2289598A (en) | 1994-03-15 | 1995-11-22 | Mitel Corp | Adaptive communication system |
WO1996000485A2 (en) | 1994-06-24 | 1996-01-04 | Telefonaktiebolaget Lm Ericsson | User authentication method and apparatus |
US5483596A (en) | 1994-01-24 | 1996-01-09 | Paralon Technologies, Inc. | Apparatus and method for controlling access to and interconnection of computer system resources |
US5577120A (en) | 1995-05-01 | 1996-11-19 | Lucent Technologies Inc. | Method and apparatus for restrospectively identifying an individual who had engaged in a commercial or retail transaction or the like |
EP0745924A2 (en) | 1995-05-31 | 1996-12-04 | AT&T Corp. | User-transparent security method and apparatus for authenticating user terminal access to a network |
US5600364A (en) | 1992-12-09 | 1997-02-04 | Discovery Communications, Inc. | Network controller for cable television delivery systems |
US5604542A (en) | 1995-02-08 | 1997-02-18 | Intel Corporation | Using the vertical blanking interval for transporting electronic coupons |
US5604803A (en) | 1994-06-03 | 1997-02-18 | Sun Microsystems, Inc. | Method and apparatus for secure remote authentication in a public network |
WO1997007656A2 (en) | 1995-08-22 | 1997-03-06 | Backweb | Method and apparatus for transmitting and displaying information between a remote network and a local computer |
WO1997009682A1 (en) | 1995-09-01 | 1997-03-13 | Elonex Plc | Service independent electronic document server |
EP0384339B1 (en) | 1989-02-24 | 1997-04-02 | Digital Equipment Corporation | Broker for computer network server selection |
US5638513A (en) | 1993-12-22 | 1997-06-10 | Ananda; Mohan | Secure software rental system using continuous asynchronous password verification |
US5655077A (en) | 1994-12-13 | 1997-08-05 | Microsoft Corporation | Method and system for authenticating access to heterogeneous computing services |
US5675507A (en) | 1995-04-28 | 1997-10-07 | Bobo, Ii; Charles R. | Message storage and delivery system |
US5684950A (en) | 1996-09-23 | 1997-11-04 | Lockheed Martin Corporation | Method and system for authenticating users to multiple computer servers via a single sign-on |
US5689638A (en) | 1994-12-13 | 1997-11-18 | Microsoft Corporation | Method for providing access to independent network resources by establishing connection using an application programming interface function call without prompting the user for authentication data |
US5802304A (en) | 1996-04-18 | 1998-09-01 | Microsoft Corporation | Automatic dialer responsive to network programming interface access |
US5862339A (en) | 1996-07-09 | 1999-01-19 | Webtv Networks, Inc. | Client connects to an internet access provider using algorithm downloaded from a central server based upon client's desired criteria after disconnected from the server |
US5884024A (en) | 1996-12-09 | 1999-03-16 | Sun Microsystems, Inc. | Secure DHCP server |
US5889958A (en) | 1996-12-20 | 1999-03-30 | Livingston Enterprises, Inc. | Network access control system and process |
US5892900A (en) | 1996-08-30 | 1999-04-06 | Intertrust Technologies Corp. | Systems and methods for secure transaction management and electronic rights protection |
EP0501697B1 (en) | 1991-02-27 | 1999-04-14 | AT&T Corp. | Mediation of transactions by a communications system |
US5896444A (en) | 1996-06-03 | 1999-04-20 | Webtv Networks, Inc. | Method and apparatus for managing communications between a client and a server in a network |
US5898780A (en) | 1996-05-21 | 1999-04-27 | Gric Communications, Inc. | Method and apparatus for authorizing remote internet access |
US5898839A (en) | 1997-03-17 | 1999-04-27 | Geonet Limited, L.P. | System using signaling channel to transmit internet connection request to internet service provider server for initiating and internet session |
US5918013A (en) | 1996-06-03 | 1999-06-29 | Webtv Networks, Inc. | Method of transcoding documents in a network environment using a proxy server |
US5935207A (en) | 1996-06-03 | 1999-08-10 | Webtv Networks, Inc. | Method and apparatus for providing remote site administrators with user hits on mirrored web sites |
US5940074A (en) | 1996-06-03 | 1999-08-17 | Webtv Networks, Inc. | Remote upgrade of software over a network |
US5950010A (en) | 1996-11-25 | 1999-09-07 | J.D. Edwards World Source Co. | System and method for customized application package building and installation |
US5974461A (en) | 1996-06-03 | 1999-10-26 | Webtv Networks, Inc. | Method for automatically regenerating information at a client system in the event of power or communication disruption between the client system and the server |
US5983273A (en) | 1997-09-16 | 1999-11-09 | Webtv Networks, Inc. | Method and apparatus for providing physical security for a user account and providing access to the user's environment and preferences |
US6023585A (en) | 1997-05-02 | 2000-02-08 | Webtv Networks, Inc. | Automatically selecting and downloading device drivers from a server system to a client system that includes one or more devices |
US6023698A (en) | 1996-12-05 | 2000-02-08 | International Business Machines Corporation | System and method for transparently registering and updating information over the internet |
US6026079A (en) | 1994-05-05 | 2000-02-15 | Webtv Networks, Inc. | Modem to support multiple site call conferenced data communications |
US6061798A (en) | 1996-02-06 | 2000-05-09 | Network Engineering Software, Inc. | Firewall system for protecting network elements connected to a public network |
US6070192A (en) | 1997-05-30 | 2000-05-30 | Nortel Networks Corporation | Control in a data access transport service |
US6128663A (en) | 1997-02-11 | 2000-10-03 | Invention Depot, Inc. | Method and apparatus for customization of information content provided to a requestor over a network using demographic information yet the user remains anonymous to the server |
US6134590A (en) | 1996-04-16 | 2000-10-17 | Webtv Networks, Inc. | Method and apparatus for automatically connecting devices to a local network |
US6138119A (en) | 1997-02-25 | 2000-10-24 | Intertrust Technologies Corp. | Techniques for defining, using and manipulating rights management data structures |
US6141694A (en) | 1997-09-16 | 2000-10-31 | Webtv Networks, Inc. | Determining and verifying user data |
US6178505B1 (en) | 1997-03-10 | 2001-01-23 | Internet Dynamics, Inc. | Secure delivery of information in a network |
US6185685B1 (en) | 1997-12-11 | 2001-02-06 | International Business Machines Corporation | Security method and system for persistent storage and communications on computer network systems and computer network systems employing the same |
EP0506637B1 (en) | 1991-03-29 | 2001-08-01 | Ericsson Inc. | Cellular verification and validation system |
US6289450B1 (en) | 1999-05-28 | 2001-09-11 | Authentica, Inc. | Information security architecture for encrypting documents for remote access while maintaining access control |
US20010029581A1 (en) | 2000-04-06 | 2001-10-11 | Knauft Christopher L. | System and method for controlling and enforcing access rights to encrypted media |
US6311197B2 (en) | 1996-06-03 | 2001-10-30 | Webtv Networks, Inc. | Method for downloading a web page to a client for efficient display on a television screen |
WO2001097480A2 (en) | 2000-06-12 | 2001-12-20 | Mediashell Corp. | System and method for controlling the access to digital works through a network |
US20020010679A1 (en) | 2000-07-06 | 2002-01-24 | Felsher David Paul | Information record infrastructure, system and method |
US20020027992A1 (en) | 2000-08-31 | 2002-03-07 | Sony Corporation | Content distribution system, content distribution method, information processing apparatus, and program providing medium |
US20020048369A1 (en) | 1995-02-13 | 2002-04-25 | Intertrust Technologies Corp. | Systems and methods for secure transaction management and electronic rights protection |
US20020082997A1 (en) | 2000-07-14 | 2002-06-27 | Hiroshi Kobata | Controlling and managing digital assets |
US20020091928A1 (en) | 2000-10-03 | 2002-07-11 | Thaddeus Bouchard | Electronically verified digital signature and document delivery system and method |
US20020099941A1 (en) | 2001-01-25 | 2002-07-25 | Murata Kikai Kabushiki Kaisha | Email processing method, email processing apparatus and recording medium |
US20020129275A1 (en) | 2001-03-08 | 2002-09-12 | Decuir Joseph Charles | Methods, systems, computer program products, and data structures for limiting the dissemination of electronic mail |
US20030037237A1 (en) | 2001-04-09 | 2003-02-20 | Jean-Paul Abgrall | Systems and methods for computer device authentication |
US20030044012A1 (en) | 2001-08-31 | 2003-03-06 | Sharp Laboratories Of America, Inc. | System and method for using a profile to encrypt documents in a digital scanner |
US6571290B2 (en) | 1997-06-19 | 2003-05-27 | Mymail, Inc. | Method and apparatus for providing fungible intercourse over a network |
US20040003269A1 (en) | 2002-06-28 | 2004-01-01 | Microsoft Corporation | Systems and methods for issuing usage licenses for digital content and services |
US20040003139A1 (en) | 2002-06-28 | 2004-01-01 | Microsoft Corporation | Secure server plug-in architecture for digital rights management systems |
US20040022390A1 (en) | 2002-08-02 | 2004-02-05 | Mcdonald Jeremy D. | System and method for data protection and secure sharing of information over a computer network |
EP0650307B1 (en) | 1993-10-26 | 2004-03-24 | Kabushiki Kaisha Toshiba | Radio telecommunication apparatus |
US6721784B1 (en) | 1999-09-07 | 2004-04-13 | Poofaway.Com, Inc. | System and method for enabling the originator of an electronic mail message to preset an expiration time, date, and/or event, and to control and track processing or handling by all recipients |
US20040148356A1 (en) | 2002-11-04 | 2004-07-29 | Bishop James William | System and method for private messaging |
EP0814589B1 (en) | 1996-06-19 | 2004-08-25 | AT&T Corp. | System and method for automated network reconfiguration |
US6824051B2 (en) | 2001-06-07 | 2004-11-30 | Contentguard Holdings, Inc. | Protected content distribution system |
US20050060537A1 (en) | 2003-01-23 | 2005-03-17 | Verdasys, Inc. | Managed distribution of digital assets |
US20050120212A1 (en) | 2002-03-14 | 2005-06-02 | Rajesh Kanungo | Systems and method for the transparent management of document rights |
US20050177873A1 (en) | 2004-02-10 | 2005-08-11 | Yi-Lin Wu | File access controlling method and file access controlling system for digital rights management |
US20050229258A1 (en) | 2004-04-13 | 2005-10-13 | Essential Security Software, Inc. | Method and system for digital rights management of documents |
US6990684B2 (en) | 2000-08-31 | 2006-01-24 | Sony Corporation | Person authentication system, person authentication method and program providing medium |
US20060085850A1 (en) | 2004-10-14 | 2006-04-20 | Microsoft Corporation | System and methods for providing network quarantine using IPsec |
US7143296B2 (en) | 1997-04-16 | 2006-11-28 | Sony Corporation | Transmitting/receiving apparatus and a transmitting/receiving method |
US20070033397A1 (en) | 2003-10-20 | 2007-02-08 | Phillips Ii Eugene B | Securing digital content system and method |
US20070050696A1 (en) | 2003-03-31 | 2007-03-01 | Piersol Kurt W | Physical key for accessing a securely stored digital document |
US20070067618A1 (en) | 2005-01-18 | 2007-03-22 | Tricipher, Inc. | Asymmetric crypto-graphy with rolling key security |
US7290285B2 (en) | 2000-06-30 | 2007-10-30 | Zinio Systems, Inc. | Systems and methods for distributing and viewing electronic documents |
US20070258585A1 (en) | 2006-05-05 | 2007-11-08 | Tricipher, Inc. | Multifactor split asymmetric crypto-key with persistent key security |
US20070258594A1 (en) | 2006-05-05 | 2007-11-08 | Tricipher, Inc. | Secure login using a multifactor split asymmetric crypto-key with persistent key security |
US7310821B2 (en) | 2001-08-27 | 2007-12-18 | Dphi Acquisitions, Inc. | Host certification method and system |
US7353385B2 (en) | 2000-04-28 | 2008-04-01 | Sony Corporation | Authentication system, authentication method, authentication apparatus, and authentication method therefor |
US7398556B2 (en) | 1995-10-13 | 2008-07-08 | Koninklijke Philips Electronics N.V. | System and method for managing copyrighted electronic media |
US7406596B2 (en) | 2000-03-10 | 2008-07-29 | Herbert Street Technologies | Data transfer and management system |
US7418737B2 (en) | 2001-06-13 | 2008-08-26 | Mcafee, Inc. | Encrypted data file transmission |
US20080294895A1 (en) | 2007-02-15 | 2008-11-27 | Michael Bodner | Disaggregation/reassembly method system for information rights management of secure documents |
US7472280B2 (en) | 2000-12-27 | 2008-12-30 | Proxense, Llc | Digital rights management |
US20090154703A1 (en) | 2007-12-18 | 2009-06-18 | Vizio | Content Protection Using Encryption Keys Where only part of the private key is associated with end user data |
US7590861B2 (en) | 2002-08-06 | 2009-09-15 | Privaris, Inc. | Methods for secure enrollment and backup of personal identity credentials into electronic devices |
US7870198B2 (en) | 2003-06-27 | 2011-01-11 | Microsoft Corporation | Content rights management for email and documents contents and systems, structures, and methods therefor |
US20110082798A1 (en) | 2009-10-05 | 2011-04-07 | Sap Ag | System and method for securely transmitting data across a system landscape |
US8205078B2 (en) | 2002-06-27 | 2012-06-19 | International Business Machines Corporation | Handling files containing confidential or sensitive information |
US8239682B2 (en) | 2005-09-28 | 2012-08-07 | Nl Systems, Llc | Method and system for digital rights management of documents |
US8290160B1 (en) | 2001-10-17 | 2012-10-16 | Appalachian Technologies Corporation of Pennsylvania | Method and apparatus for secured facsimile transmission |
US20130073854A1 (en) | 2011-09-21 | 2013-03-21 | Onyx Privacy, Inc. | Data storage incorporating crytpographically enhanced data protection |
US8474058B2 (en) | 1995-02-01 | 2013-06-25 | Rovi Solutions Corporation | Method and system for managing a data object so as to comply with predetermined conditions for usage |
US20130326220A1 (en) | 2012-05-31 | 2013-12-05 | Apple Inc. | Recipient blind cryptographic access control for publicly hosted message and data streams |
US8838704B2 (en) | 1998-11-06 | 2014-09-16 | Advanced Messaging Technologies, Inc. | System and process for transmitting electronic mail using a conventional facsimile device |
US20160315918A1 (en) * | 2015-04-24 | 2016-10-27 | Encryptics, Llc | System and method for enhanced data protection |
Family Cites Families (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2015066537A1 (en) * | 2013-10-31 | 2015-05-07 | Eco-Mail Development, Llc | System and method for secured content delivery |
US9608809B1 (en) * | 2015-02-05 | 2017-03-28 | Ionic Security Inc. | Systems and methods for encryption and provision of information security using platform services |
-
2016
- 2016-04-22 WO PCT/US2016/028834 patent/WO2016172474A1/en active Application Filing
- 2016-04-22 US US15/136,142 patent/US9954832B2/en active Active
-
2018
- 2018-04-06 US US15/946,965 patent/US10298554B2/en active Active
-
2019
- 2019-05-10 US US16/409,380 patent/US10498704B2/en active Active
- 2019-10-31 US US16/670,245 patent/US10812456B2/en active Active
-
2020
- 2020-09-18 US US17/025,838 patent/US20210058381A1/en active Pending
Patent Citations (136)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US4027243A (en) | 1975-05-12 | 1977-05-31 | General Electric Company | Message generator for a controlled radio transmitter and receiver |
US4393269A (en) | 1981-01-29 | 1983-07-12 | International Business Machines Corporation | Method and apparatus incorporating a one-way sequence for transaction and identity verification |
US4477809A (en) | 1982-06-18 | 1984-10-16 | General Electric Company | Method for random-access radio-frequency data communications |
US4530051A (en) | 1982-09-10 | 1985-07-16 | At&T Bell Laboratories | Program process execution in a distributed multiprocessor system |
US4545071A (en) | 1982-11-12 | 1985-10-01 | Motorola, Inc. | Portable radio for a zoned data communications system communicating message signals between portable radios and a host computer |
US4484355A (en) | 1983-04-11 | 1984-11-20 | Ritron, Inc. | Handheld transceiver with frequency synthesizer and sub-audible tone squelch system |
WO1986003926A1 (en) | 1984-12-21 | 1986-07-03 | Motorola, Inc. | Method of communications between register-modelled radio devices |
US4709136A (en) | 1985-06-04 | 1987-11-24 | Toppan Moore Company, Ltd. | IC card reader/writer apparatus |
US4707592A (en) | 1985-10-07 | 1987-11-17 | Ware Paul N | Personal universal identity card system for failsafe interactive financial transactions |
GB2190820A (en) | 1986-05-22 | 1987-11-25 | Racal Guardata Ltd | Data communications systems and methods |
EP0248403B1 (en) | 1986-06-02 | 1994-04-13 | Hitachi, Ltd. | Distributed interactive processing method in complex system including plural work stations and plural host computers and apparatus using the same |
US4799156A (en) | 1986-10-01 | 1989-01-17 | Strategic Processing Corporation | Interactive market management system |
US5053606A (en) | 1987-06-08 | 1991-10-01 | Omron Tateisi Electronics Co. | Credit authorization terminal with circuitry to service plural customers in parallel |
US4947028B1 (en) | 1988-07-19 | 1993-06-08 | U S Order Inc | |
US4947028A (en) | 1988-07-19 | 1990-08-07 | Arbor International, Inc. | Automated order and payment system |
US5099420A (en) | 1989-01-10 | 1992-03-24 | Bull Hn Information Systems Inc. | Method and apparatus for limiting the utilization of an asynchronous bus with distributed controlled access |
EP0384339B1 (en) | 1989-02-24 | 1997-04-02 | Digital Equipment Corporation | Broker for computer network server selection |
US5020093A (en) | 1989-06-23 | 1991-05-28 | Motorola, Inc. | Cellular telephone operable on different cellular telephone systems |
US4955049A (en) | 1989-08-11 | 1990-09-04 | Telefonaktiebolaget L M Ericsson | Method of supervising mobile telephone subscriptions in a mobile telephone system |
EP0501967A1 (en) | 1989-09-21 | 1992-09-09 | Camborne Ind Plc | Compacting scrap metal in a tube for recycling. |
EP0421808B1 (en) | 1989-10-06 | 1994-12-28 | André Peter Mansvelt | Funds transfer system |
US5283639A (en) | 1989-10-23 | 1994-02-01 | Esch Arthur G | Multiple media delivery network method and apparatus |
US5220564A (en) | 1990-09-06 | 1993-06-15 | Ncr Corporation | Transmission control for a wireless local area network station |
EP0479660A2 (en) | 1990-10-02 | 1992-04-08 | Digital Equipment Corporation | Distributed configuration profile for computing system |
US5475819A (en) | 1990-10-02 | 1995-12-12 | Digital Equipment Corporation | Distributed configuration profile for computing system |
EP0501697B1 (en) | 1991-02-27 | 1999-04-14 | AT&T Corp. | Mediation of transactions by a communications system |
EP0506637B1 (en) | 1991-03-29 | 2001-08-01 | Ericsson Inc. | Cellular verification and validation system |
US5426427A (en) | 1991-04-04 | 1995-06-20 | Compuserve Incorporated | Data transmission routing system |
WO1993017529A1 (en) | 1992-02-24 | 1993-09-02 | Nokia Telecommunications Oy | Telecommunication system and subscriber authentication method |
US5412416A (en) | 1992-08-07 | 1995-05-02 | Nbl Communications, Inc. | Video media distribution network apparatus and method |
EP0590861A2 (en) | 1992-09-29 | 1994-04-06 | AT&T Corp. | Secure credit/debit card authorization |
US5600364A (en) | 1992-12-09 | 1997-02-04 | Discovery Communications, Inc. | Network controller for cable television delivery systems |
EP0650307B1 (en) | 1993-10-26 | 2004-03-24 | Kabushiki Kaisha Toshiba | Radio telecommunication apparatus |
US5638513A (en) | 1993-12-22 | 1997-06-10 | Ananda; Mohan | Secure software rental system using continuous asynchronous password verification |
US5483596A (en) | 1994-01-24 | 1996-01-09 | Paralon Technologies, Inc. | Apparatus and method for controlling access to and interconnection of computer system resources |
GB2289598A (en) | 1994-03-15 | 1995-11-22 | Mitel Corp | Adaptive communication system |
US6026079A (en) | 1994-05-05 | 2000-02-15 | Webtv Networks, Inc. | Modem to support multiple site call conferenced data communications |
US5604803A (en) | 1994-06-03 | 1997-02-18 | Sun Microsystems, Inc. | Method and apparatus for secure remote authentication in a public network |
WO1996000485A2 (en) | 1994-06-24 | 1996-01-04 | Telefonaktiebolaget Lm Ericsson | User authentication method and apparatus |
US5655077A (en) | 1994-12-13 | 1997-08-05 | Microsoft Corporation | Method and system for authenticating access to heterogeneous computing services |
US5689638A (en) | 1994-12-13 | 1997-11-18 | Microsoft Corporation | Method for providing access to independent network resources by establishing connection using an application programming interface function call without prompting the user for authentication data |
US8474058B2 (en) | 1995-02-01 | 2013-06-25 | Rovi Solutions Corporation | Method and system for managing a data object so as to comply with predetermined conditions for usage |
US5604542A (en) | 1995-02-08 | 1997-02-18 | Intel Corporation | Using the vertical blanking interval for transporting electronic coupons |
US20020048369A1 (en) | 1995-02-13 | 2002-04-25 | Intertrust Technologies Corp. | Systems and methods for secure transaction management and electronic rights protection |
US5675507A (en) | 1995-04-28 | 1997-10-07 | Bobo, Ii; Charles R. | Message storage and delivery system |
US5577120A (en) | 1995-05-01 | 1996-11-19 | Lucent Technologies Inc. | Method and apparatus for restrospectively identifying an individual who had engaged in a commercial or retail transaction or the like |
US5721780A (en) | 1995-05-31 | 1998-02-24 | Lucent Technologies, Inc. | User-transparent security method and apparatus for authenticating user terminal access to a network |
EP0745924A2 (en) | 1995-05-31 | 1996-12-04 | AT&T Corp. | User-transparent security method and apparatus for authenticating user terminal access to a network |
WO1997007656A2 (en) | 1995-08-22 | 1997-03-06 | Backweb | Method and apparatus for transmitting and displaying information between a remote network and a local computer |
US5913040A (en) | 1995-08-22 | 1999-06-15 | Backweb Ltd. | Method and apparatus for transmitting and displaying information between a remote network and a local computer |
WO1997009682A1 (en) | 1995-09-01 | 1997-03-13 | Elonex Plc | Service independent electronic document server |
US7398556B2 (en) | 1995-10-13 | 2008-07-08 | Koninklijke Philips Electronics N.V. | System and method for managing copyrighted electronic media |
US6061798A (en) | 1996-02-06 | 2000-05-09 | Network Engineering Software, Inc. | Firewall system for protecting network elements connected to a public network |
US6134590A (en) | 1996-04-16 | 2000-10-17 | Webtv Networks, Inc. | Method and apparatus for automatically connecting devices to a local network |
US5802304A (en) | 1996-04-18 | 1998-09-01 | Microsoft Corporation | Automatic dialer responsive to network programming interface access |
US5898780A (en) | 1996-05-21 | 1999-04-27 | Gric Communications, Inc. | Method and apparatus for authorizing remote internet access |
US5918013A (en) | 1996-06-03 | 1999-06-29 | Webtv Networks, Inc. | Method of transcoding documents in a network environment using a proxy server |
US5940074A (en) | 1996-06-03 | 1999-08-17 | Webtv Networks, Inc. | Remote upgrade of software over a network |
US6073168A (en) | 1996-06-03 | 2000-06-06 | Webtv Networks, Inc. | Method for reducing delivery latency of an image or other secondary information associated with a file |
US5974461A (en) | 1996-06-03 | 1999-10-26 | Webtv Networks, Inc. | Method for automatically regenerating information at a client system in the event of power or communication disruption between the client system and the server |
US5935207A (en) | 1996-06-03 | 1999-08-10 | Webtv Networks, Inc. | Method and apparatus for providing remote site administrators with user hits on mirrored web sites |
US6311197B2 (en) | 1996-06-03 | 2001-10-30 | Webtv Networks, Inc. | Method for downloading a web page to a client for efficient display on a television screen |
US5896444A (en) | 1996-06-03 | 1999-04-20 | Webtv Networks, Inc. | Method and apparatus for managing communications between a client and a server in a network |
EP0814589B1 (en) | 1996-06-19 | 2004-08-25 | AT&T Corp. | System and method for automated network reconfiguration |
US5862339A (en) | 1996-07-09 | 1999-01-19 | Webtv Networks, Inc. | Client connects to an internet access provider using algorithm downloaded from a central server based upon client's desired criteria after disconnected from the server |
US5892900A (en) | 1996-08-30 | 1999-04-06 | Intertrust Technologies Corp. | Systems and methods for secure transaction management and electronic rights protection |
US5684950A (en) | 1996-09-23 | 1997-11-04 | Lockheed Martin Corporation | Method and system for authenticating users to multiple computer servers via a single sign-on |
US5950010A (en) | 1996-11-25 | 1999-09-07 | J.D. Edwards World Source Co. | System and method for customized application package building and installation |
US6023698A (en) | 1996-12-05 | 2000-02-08 | International Business Machines Corporation | System and method for transparently registering and updating information over the internet |
US5884024A (en) | 1996-12-09 | 1999-03-16 | Sun Microsystems, Inc. | Secure DHCP server |
US5889958A (en) | 1996-12-20 | 1999-03-30 | Livingston Enterprises, Inc. | Network access control system and process |
US6128663A (en) | 1997-02-11 | 2000-10-03 | Invention Depot, Inc. | Method and apparatus for customization of information content provided to a requestor over a network using demographic information yet the user remains anonymous to the server |
US6138119A (en) | 1997-02-25 | 2000-10-24 | Intertrust Technologies Corp. | Techniques for defining, using and manipulating rights management data structures |
US6178505B1 (en) | 1997-03-10 | 2001-01-23 | Internet Dynamics, Inc. | Secure delivery of information in a network |
US5898839A (en) | 1997-03-17 | 1999-04-27 | Geonet Limited, L.P. | System using signaling channel to transmit internet connection request to internet service provider server for initiating and internet session |
US7143296B2 (en) | 1997-04-16 | 2006-11-28 | Sony Corporation | Transmitting/receiving apparatus and a transmitting/receiving method |
US6023585A (en) | 1997-05-02 | 2000-02-08 | Webtv Networks, Inc. | Automatically selecting and downloading device drivers from a server system to a client system that includes one or more devices |
US6070192A (en) | 1997-05-30 | 2000-05-30 | Nortel Networks Corporation | Control in a data access transport service |
US6571290B2 (en) | 1997-06-19 | 2003-05-27 | Mymail, Inc. | Method and apparatus for providing fungible intercourse over a network |
US6141694A (en) | 1997-09-16 | 2000-10-31 | Webtv Networks, Inc. | Determining and verifying user data |
US5983273A (en) | 1997-09-16 | 1999-11-09 | Webtv Networks, Inc. | Method and apparatus for providing physical security for a user account and providing access to the user's environment and preferences |
US6185685B1 (en) | 1997-12-11 | 2001-02-06 | International Business Machines Corporation | Security method and system for persistent storage and communications on computer network systems and computer network systems employing the same |
US8838704B2 (en) | 1998-11-06 | 2014-09-16 | Advanced Messaging Technologies, Inc. | System and process for transmitting electronic mail using a conventional facsimile device |
US6289450B1 (en) | 1999-05-28 | 2001-09-11 | Authentica, Inc. | Information security architecture for encrypting documents for remote access while maintaining access control |
US6721784B1 (en) | 1999-09-07 | 2004-04-13 | Poofaway.Com, Inc. | System and method for enabling the originator of an electronic mail message to preset an expiration time, date, and/or event, and to control and track processing or handling by all recipients |
US7149893B1 (en) | 1999-09-07 | 2006-12-12 | Poofaway.Com, Inc. | System and method for enabling the originator of an electronic mail message to preset an expiration time, date, and/or event, and to control processing or handling by a recipient |
US7406596B2 (en) | 2000-03-10 | 2008-07-29 | Herbert Street Technologies | Data transfer and management system |
US20010029581A1 (en) | 2000-04-06 | 2001-10-11 | Knauft Christopher L. | System and method for controlling and enforcing access rights to encrypted media |
US7353385B2 (en) | 2000-04-28 | 2008-04-01 | Sony Corporation | Authentication system, authentication method, authentication apparatus, and authentication method therefor |
US20030191946A1 (en) | 2000-06-12 | 2003-10-09 | Auer Anthony R. | System and method controlling access to digital works using a network |
WO2001097480A2 (en) | 2000-06-12 | 2001-12-20 | Mediashell Corp. | System and method for controlling the access to digital works through a network |
US7290285B2 (en) | 2000-06-30 | 2007-10-30 | Zinio Systems, Inc. | Systems and methods for distributing and viewing electronic documents |
US20020010679A1 (en) | 2000-07-06 | 2002-01-24 | Felsher David Paul | Information record infrastructure, system and method |
US20020082997A1 (en) | 2000-07-14 | 2002-06-27 | Hiroshi Kobata | Controlling and managing digital assets |
US6990684B2 (en) | 2000-08-31 | 2006-01-24 | Sony Corporation | Person authentication system, person authentication method and program providing medium |
US20020027992A1 (en) | 2000-08-31 | 2002-03-07 | Sony Corporation | Content distribution system, content distribution method, information processing apparatus, and program providing medium |
US20020091928A1 (en) | 2000-10-03 | 2002-07-11 | Thaddeus Bouchard | Electronically verified digital signature and document delivery system and method |
US7472280B2 (en) | 2000-12-27 | 2008-12-30 | Proxense, Llc | Digital rights management |
US20020099941A1 (en) | 2001-01-25 | 2002-07-25 | Murata Kikai Kabushiki Kaisha | Email processing method, email processing apparatus and recording medium |
US20020129275A1 (en) | 2001-03-08 | 2002-09-12 | Decuir Joseph Charles | Methods, systems, computer program products, and data structures for limiting the dissemination of electronic mail |
US20030037237A1 (en) | 2001-04-09 | 2003-02-20 | Jean-Paul Abgrall | Systems and methods for computer device authentication |
US6824051B2 (en) | 2001-06-07 | 2004-11-30 | Contentguard Holdings, Inc. | Protected content distribution system |
US7418737B2 (en) | 2001-06-13 | 2008-08-26 | Mcafee, Inc. | Encrypted data file transmission |
US7310821B2 (en) | 2001-08-27 | 2007-12-18 | Dphi Acquisitions, Inc. | Host certification method and system |
US20030044012A1 (en) | 2001-08-31 | 2003-03-06 | Sharp Laboratories Of America, Inc. | System and method for using a profile to encrypt documents in a digital scanner |
US8290160B1 (en) | 2001-10-17 | 2012-10-16 | Appalachian Technologies Corporation of Pennsylvania | Method and apparatus for secured facsimile transmission |
US20050120212A1 (en) | 2002-03-14 | 2005-06-02 | Rajesh Kanungo | Systems and method for the transparent management of document rights |
US8205078B2 (en) | 2002-06-27 | 2012-06-19 | International Business Machines Corporation | Handling files containing confidential or sensitive information |
US20040003269A1 (en) | 2002-06-28 | 2004-01-01 | Microsoft Corporation | Systems and methods for issuing usage licenses for digital content and services |
US20040003139A1 (en) | 2002-06-28 | 2004-01-01 | Microsoft Corporation | Secure server plug-in architecture for digital rights management systems |
US20040022390A1 (en) | 2002-08-02 | 2004-02-05 | Mcdonald Jeremy D. | System and method for data protection and secure sharing of information over a computer network |
US7590861B2 (en) | 2002-08-06 | 2009-09-15 | Privaris, Inc. | Methods for secure enrollment and backup of personal identity credentials into electronic devices |
US20040148356A1 (en) | 2002-11-04 | 2004-07-29 | Bishop James William | System and method for private messaging |
US20050060537A1 (en) | 2003-01-23 | 2005-03-17 | Verdasys, Inc. | Managed distribution of digital assets |
US20070050696A1 (en) | 2003-03-31 | 2007-03-01 | Piersol Kurt W | Physical key for accessing a securely stored digital document |
US7870198B2 (en) | 2003-06-27 | 2011-01-11 | Microsoft Corporation | Content rights management for email and documents contents and systems, structures, and methods therefor |
US20070033397A1 (en) | 2003-10-20 | 2007-02-08 | Phillips Ii Eugene B | Securing digital content system and method |
US20050177873A1 (en) | 2004-02-10 | 2005-08-11 | Yi-Lin Wu | File access controlling method and file access controlling system for digital rights management |
US20150244688A1 (en) | 2004-04-13 | 2015-08-27 | Nl Systems, Llc | Method and system for digital rights management of documents |
US20050229258A1 (en) | 2004-04-13 | 2005-10-13 | Essential Security Software, Inc. | Method and system for digital rights management of documents |
US9003548B2 (en) | 2004-04-13 | 2015-04-07 | Nl Systems, Llc | Method and system for digital rights management of documents |
US20060085850A1 (en) | 2004-10-14 | 2006-04-20 | Microsoft Corporation | System and methods for providing network quarantine using IPsec |
US20070067618A1 (en) | 2005-01-18 | 2007-03-22 | Tricipher, Inc. | Asymmetric crypto-graphy with rolling key security |
US9094215B2 (en) | 2005-09-28 | 2015-07-28 | Nl Systems, Llc | Method and system for digital rights management of documents |
US8239682B2 (en) | 2005-09-28 | 2012-08-07 | Nl Systems, Llc | Method and system for digital rights management of documents |
US8677126B2 (en) | 2005-09-28 | 2014-03-18 | Nl Systems, Llc | Method and system for digital rights management of documents |
US20160028700A1 (en) | 2005-09-28 | 2016-01-28 | Nl Systems, Llc | Method and system for digital rights management of documents |
US20070258585A1 (en) | 2006-05-05 | 2007-11-08 | Tricipher, Inc. | Multifactor split asymmetric crypto-key with persistent key security |
US20070258594A1 (en) | 2006-05-05 | 2007-11-08 | Tricipher, Inc. | Secure login using a multifactor split asymmetric crypto-key with persistent key security |
US20080294895A1 (en) | 2007-02-15 | 2008-11-27 | Michael Bodner | Disaggregation/reassembly method system for information rights management of secure documents |
US20090154703A1 (en) | 2007-12-18 | 2009-06-18 | Vizio | Content Protection Using Encryption Keys Where only part of the private key is associated with end user data |
US20110082798A1 (en) | 2009-10-05 | 2011-04-07 | Sap Ag | System and method for securely transmitting data across a system landscape |
US20130073854A1 (en) | 2011-09-21 | 2013-03-21 | Onyx Privacy, Inc. | Data storage incorporating crytpographically enhanced data protection |
US20130326220A1 (en) | 2012-05-31 | 2013-12-05 | Apple Inc. | Recipient blind cryptographic access control for publicly hosted message and data streams |
US20160315918A1 (en) * | 2015-04-24 | 2016-10-27 | Encryptics, Llc | System and method for enhanced data protection |
US20180295108A1 (en) * | 2015-04-24 | 2018-10-11 | Encryptics, Llc | System and method for enhanced data protection |
Non-Patent Citations (9)
Title |
---|
"Authentica Unveils Saferoute for Secure Messaging", Press Release, Dec. 2002, Retrieved from the Internet on Sep. 10, 2007:<URL:http://www.authentica.com/news/pr2002/12-16-2002-saferoute.aspx>, 2 pages. |
Bott et al, "Microsoft Windows Security Inside Out", Microsoft Press, 2003, pp. 351-362. |
Ford et al, "A Key Distribution Method for Object-Based Protection", ACM, 1994, Retrieved from the Internet on Sep. 10, 2007: <URL: http://delivery.acm.org/10.1145/200000/191225/p193-ford.pdf?key1=191225&key2=0109739811&coll=&dl=acm&CFID=15151515&CFTOKEN=6184618>, pp. 193-197. |
Microsoft Computer Dictionary, Microsoft Press, 5th Edition, 2002, p. 171. |
Schneider, F.B., "Trust in Cyberspace", Dec. 1998 (Dec. 1998) ISBN-10:0-309-06558-5; ISBN-13: 978-0-309-06558-0 [retrieved on Jun. 6, 2007]. Retrieved from the internet, URL:http://www.aci/netkalliste/tic.htm.>, pp. 1-249. |
Thomas, Shane; "International Search Report" prepared from PCT/US16/28834, as dated Aug. 30, 2016, 3 pages. |
U.S. Appl. No. 15/136,142, Pollet et al. |
U.S. Appl. No. 15/136,154, McCarthy et al. |
U.S. Appl. No. 15/354,629, Pigin. |
Cited By (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US10905241B1 (en) * | 2019-12-06 | 2021-02-02 | Dooli Products, LLC | Furniture with anti-tipping mechanism and method for installing furniture |
US10939761B1 (en) * | 2019-12-06 | 2021-03-09 | Dooli Products, LLC | Furniture with anti-tipping characteristics |
US11103067B2 (en) | 2019-12-06 | 2021-08-31 | Dooli Products, LLC | Furniture with anti-tipping features |
USD932216S1 (en) | 2019-12-06 | 2021-10-05 | Dooli Products, LLC | Tapered dresser |
US11234520B2 (en) | 2019-12-06 | 2022-02-01 | Dooli Products, LLC | Furniture with lashing mechanism |
US11266243B2 (en) | 2019-12-06 | 2022-03-08 | Dooli Products, LLC | Furniture having anti-tipping construction |
USD927229S1 (en) | 2020-02-25 | 2021-08-10 | Dooli Products, LLC | Curved dresser |
USD927230S1 (en) | 2020-02-25 | 2021-08-10 | Dooli Products, LLC | Dresser with straight front |
USD927899S1 (en) | 2020-02-25 | 2021-08-17 | Dooli Products, LLC | Partly tapered dresser |
US11684157B1 (en) | 2022-12-13 | 2023-06-27 | Thoughtful Furniture Company, Llc | Furniture with anti-tipping support hinge |
Also Published As
Publication number | Publication date |
---|---|
US10298554B2 (en) | 2019-05-21 |
US20180295108A1 (en) | 2018-10-11 |
US20200067892A1 (en) | 2020-02-27 |
US9954832B2 (en) | 2018-04-24 |
WO2016172474A1 (en) | 2016-10-27 |
US10498704B2 (en) | 2019-12-03 |
US20160315918A1 (en) | 2016-10-27 |
US20190334878A1 (en) | 2019-10-31 |
US20210058381A1 (en) | 2021-02-25 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US10812456B2 (en) | System and method for enhanced data protection | |
US11722314B2 (en) | Digital transaction signing for multiple client devices using secured encrypted private keys | |
EP3574434B1 (en) | Addressing a trusted execution environment using encryption key | |
US11082224B2 (en) | Location aware cryptography | |
US10574460B2 (en) | Mechanism for achieving mutual identity verification via one-way application-device channels | |
EP3574622B1 (en) | Addressing a trusted execution environment | |
US11212264B1 (en) | Systems and methods for third party data protection | |
CN112204921A (en) | System and method for protecting data privacy of lightweight devices using blockchains and multi-party computing | |
US10680816B2 (en) | Method and system for improving the data security during a communication process | |
KR20190108580A (en) | Addressing Techniques for Trusted Execution Environments Using Signature Keys | |
US20180063105A1 (en) | Management of enciphered data sharing | |
CN108199838B (en) | Data protection method and device | |
US20190158474A1 (en) | Runtime encryption plugin for a key management system | |
US20180083773A1 (en) | Information security device and information security method using accessibility | |
TWI597960B (en) | Key splitting | |
CN109711178B (en) | Key value pair storage method, device, equipment and storage medium | |
US20210194694A1 (en) | Data processing system | |
EP3688959B1 (en) | System for securing deployed security cameras | |
JP2011081654A (en) | Information processor, program protection system, program protection method and program | |
JP2013179453A (en) | Computer system and computing method | |
EP3433992A1 (en) | Cloud storage of data | |
Vinothini et al. | Security Based Processed Video Distribution on Multi-Core System | |
JP2015089001A (en) | Signcryption communication system and signcryption communication method |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
FEPP | Fee payment procedure |
Free format text: ENTITY STATUS SET TO UNDISCOUNTED (ORIGINAL EVENT CODE: BIG.); ENTITY STATUS OF PATENT OWNER: SMALL ENTITY |
|
FEPP | Fee payment procedure |
Free format text: ENTITY STATUS SET TO SMALL (ORIGINAL EVENT CODE: SMAL); ENTITY STATUS OF PATENT OWNER: SMALL ENTITY |
|
STPP | Information on status: patent application and granting procedure in general |
Free format text: DOCKETED NEW CASE - READY FOR EXAMINATION |
|
AS | Assignment |
Owner name: ENCRYPTICS, LLC, TEXAS Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:POLLET, CODY;BURGESS, CHARLES;ROACH, COURTNEY;AND OTHERS;SIGNING DATES FROM 20161116 TO 20191120;REEL/FRAME:051214/0100 |
|
STPP | Information on status: patent application and granting procedure in general |
Free format text: NOTICE OF ALLOWANCE MAILED -- APPLICATION RECEIVED IN OFFICE OF PUBLICATIONS |
|
AS | Assignment |
Owner name: KEYAVI DATA CORP, NEVADA Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:ENCRYPTICS, LLC;REEL/FRAME:053771/0114 Effective date: 20200903 |
|
STCF | Information on status: patent grant |
Free format text: PATENTED CASE |
|
MAFP | Maintenance fee payment |
Free format text: PAYMENT OF MAINTENANCE FEE, 4TH YR, SMALL ENTITY (ORIGINAL EVENT CODE: M2551); ENTITY STATUS OF PATENT OWNER: SMALL ENTITY Year of fee payment: 4 |